How to - Configure a Drop Mode Firewall
Posted by Clayton Spencer, Last modified by Clayton Spencer on 10 January 2019 10:30 AM
This article is applicable to users on versions 9.4 and above.
This article illustrates how to properly configure a Drop mode firewall. By default, a Drop mode firewall drops any connection that does not match an explicit Accept rule. This will stop many VPN and proxy services from working, and it is a great way to gain both more control over your network and much greater security.
Step 1. Navigate to the Firewall page, then change the default policy from Accept to Drop.
Step 2. Insert Accept rules for TCP ports 80, 443, 20, 21, 25, 465, 587, 53 and UDP ports 53, 123. These ports are critical for basic network functionality; if they are not added, you will see connectivity issues.
Note: Ports 80 and 443 are HTTP and HTTPS respectively. Ports 20 and 21 are the pair of ports used by FTP. Ports 25, 465 and 587 are all related to email. Port 53 is used for DNS, and lastly port 123 is used for NTP.
Step 3. Press Save and Apply. Once complete, you've successfully configured a Drop mode firewall!
Note: A network audit may be needed to determine if your devices require any additional ports opened to function properly.
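One way to start the audit mentioned in the note above, as an added example rather than anything shipped with the product: the script replays a connection log against the Accept list from Step 2 and reports which destination ports the Drop default would block, and from which hosts. The log format ("src proto dst dst_port"), the function names and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter

# Accept rules from Step 2 of the article; everything else hits the Drop default.
ACCEPT = {"tcp": {80, 443, 20, 21, 25, 465, 587, 53}, "udp": {53, 123}}

# Constructed sample flows, "src proto dst dst_port" (format is an assumption).
SAMPLE_FLOWS = """\
10.0.0.15 tcp 203.0.113.34 443
10.0.0.15 udp 10.0.0.1 53
10.0.0.22 udp 198.51.100.7 1194
10.0.0.22 udp 198.51.100.7 1194
10.0.0.31 tcp 203.0.113.9 993
10.0.0.31 tcp 203.0.113.9 25
10.0.0.40 tcp 203.0.113.50 8080
10.0.0.40 udp 192.0.2.123 123
truncated line
10.0.0.50 tcp 203.0.113.9 99999
"""

def parse_flow(line):
    """Return (src, proto, dst_port), or None for a line that cannot be used."""
    parts = line.split()
    if len(parts) != 4:
        return None
    src, proto, _dst, port = parts
    proto = proto.lower()  # only TCP and UDP are covered by the article's rules
    if proto not in ACCEPT or not port.isdecimal() or not 1 <= int(port) <= 65535:
        return None
    return src, proto, int(port)

def audit(log_text):
    """Tally flows the Drop policy would block, keyed by (proto, dst_port)."""
    dropped, sources, skipped = Counter(), {}, 0
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        src, proto, port = flow
        if port not in ACCEPT[proto]:  # no explicit Accept rule -> dropped
            dropped[(proto, port)] += 1
            sources.setdefault((proto, port), set()).add(src)
    return dropped, sources, skipped

if __name__ == "__main__":
    dropped, sources, skipped = audit(SAMPLE_FLOWS)
    for key, count in dropped.most_common():
        print(f"{key[0]}/{key[1]}: {count} flow(s) from {sorted(sources[key])}")
    print(f"skipped {skipped} unusable line(s)")
```

Each reported port is a candidate for review: either a device needs an additional Accept rule, or the traffic is something the Drop policy is meant to stop.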